Report: More flaws found in Microsoft's Vista

NEW YORK (CNNMoney.com) -- Computer security researchers and hackers have found more flaws in Microsoft's Vista, the long-awaited update to the Windows operating system, according to a report Monday.

One programmer said it was possible to increase a user's privileges on all of the company's recent operating systems, including Vista, while a computer security firm said that it found five other vulnerabilities, including one error in the software code underlying the company's new Internet Explorer 7 browser, the New York Times reported.

The browser flaw means that users could become infected with malicious software simply by visiting a particular Web site, according to the report.

That would make it possible for an attacker to inject rogue software into the Vista-based computer, the paper said, citing executives at Determina, a maker of software intended to protect against vulnerabilities.

The new operating system - Microsoft's (Charts) first update to Windows in five years - is crucial for the world's biggest software company. Microsoft has been facing stiff competition from companies like Google (Charts), which has begun offering Web-based applications that rival traditional desktop software.

On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability, the paper said.

Microsoft officials were not immediately available for comment on Monday.

The Determina researchers told the paper they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a Tokyo-based computer security firm, said he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Vista for $50,000, according to the Times.

Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet, the paper said.